Decline Code
What Is a Decline Code? Definition and How It Works
Definition
A decline code is a numeric or alphanumeric response code returned by an issuing bank or payment network when an authorisation request is not approved, indicating the category of reason for the decline.
How it works
Decline codes are defined in card network and ISO 8583 specifications. The issuer returns a response code in field 39 of the ISO 8583 authorisation response message. This code is translated by the gateway or processor into a human-readable decline category and surfaced to the merchant.
Decline codes fall into two primary categories: soft declines and hard declines. Soft declines indicate a temporary condition that may resolve on retry or with additional authentication. Common soft decline codes include 05 (do not honor), 51 (insufficient funds), 65 (transaction not permitted to cardholder), and specific SCA-related soft declines that indicate authentication is required. Hard declines indicate a permanent condition that should not be retried. Hard decline codes include 41 (lost card), 43 (stolen card), 04 (pick up card), and 62 (restricted card).
The distinction between soft and hard declines is critical for retry logic. Card scheme rules explicitly prohibit retrying hard declines; a merchant who retries a stolen card decline is violating scheme rules and risks fines. Soft declines may be retried within specific scheme-mandated windows and frequency limits.
Issuers also return acquirer-specific and network-specific decline codes that do not appear in the base ISO 8583 specification. These proprietary codes require interpretation using network-specific documentation and may carry additional information about the reason for the decline.
Why it matters
Decline code granularity determines the quality of diagnostic insight: summary-level decline reporting (approved vs. declined) is useless for optimisation. Granular decline code data broken down by card type, acquirer, and geography reveals where specific interventions will have impact.
Soft vs. hard decline classification must be enforced in retry logic: retry systems that treat all declines the same risk violating scheme rules on hard declines while also failing to recover soft declines optimally. Every retry decision should check the decline code classification before submitting a retry attempt.
Scheme rules govern retry timing and frequency for soft declines: card networks mandate specific waiting periods and maximum retry counts for different soft decline codes. Violating these restrictions generates scheme fines that can accumulate rapidly for high-volume merchants with automated retry logic.
Decline code patterns reveal attack signals: a sudden spike in specific decline codes, such as a concentration of invalid card number responses (code 14) in a short period, is a signature of card testing or BIN attack activity. Monitoring decline code distribution in real time is part of fraud detection.
With PXP
PXP surfaces granular decline codes in its transaction reporting, with soft/hard decline classification, scheme retry eligibility flags, and trend analysis by decline category, card type, and geography. Retry logic in PXP's platform respects scheme retry rules automatically.
Frequently asked questions
What is the most common decline code for online merchants?
Code 05 (Do Not Honor) is the most common decline code by volume for most card-not-present merchants. It is a generic soft decline that issuers use when their system declines a transaction without specifying a more precise reason. It is often applied by issuer fraud models to suspicious transactions and is eligible for retry within scheme-permitted windows.
How should merchants handle a do-not-honor decline?
Do Not Honor (code 05) is a soft decline eligible for retry. Merchants should wait the scheme-mandated minimum retry interval (typically 24 hours for most codes) before retrying. The retry should be submitted without modification to the transaction parameters on the first attempt. If a second attempt also receives Do Not Honor, the transaction should be abandoned, persistent 05 declines suggest a more fundamental issuer-side block than a temporary condition.
What decline codes indicate a hard decline that must not be retried?
Hard decline codes that must not be retried include: 41 (Lost Card), 43 (Stolen Card), 04 (Pick Up Card, No Fraud), 07 (Pick Up Card, Special Condition), 14 (Invalid Card Number), 54 (Expired Card), and 62 (Restricted Card). These codes indicate a permanent card-level condition. Retrying them violates card scheme rules and may result in fines. These cards should be flagged and removed from stored credential databases.
How do SCA-related decline codes differ from standard decline codes?
SCA-related soft declines are issued when an EEA issuer determines that SCA authentication is required before the transaction can be approved. These codes (including specific values within the 65 and 1A categories) instruct the merchant to re-initiate the transaction with full 3DS authentication. They are distinct from fraud-based soft declines and require a step-up authentication response rather than a simple retry.
Revolutionize your business with PXP
Take complete control of your commerce and payments with one platform.
Get Started